From ee7e5ba990d5ba1645feb45c7f4f8abf2898f4c3 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Fri, 2 Jul 2021 01:04:48 +0200
Subject: [PATCH] hooks/post-install: add fix permissions hook

---
 .../hooks/post-install/14-fix-permissions.sh  | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 common/hooks/post-install/14-fix-permissions.sh

diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh
new file mode 100644
index 000000000000..3164f61ac76f
--- /dev/null
+++ b/common/hooks/post-install/14-fix-permissions.sh
@@ -0,0 +1,28 @@
+# This hook fixes permissions in common places
+
+change_file_perms() {
+	dir="$PKGDESTDIR$1"
+	# permission mask for matching the files
+	permmask="$2"
+	# permissions which will be set on matched files
+	perms="$3"
+	if [ -d "$dir" ]; then
+        find "$dir" -type f -perm /"$permmask" -exec chmod -v "$perms" {} +
+    fi
+}
+
+hook() {
+	# check that no files have permission write for all users
+	find "$PKGDESTDIR" -type f -perm -0002 | while read -r file; do
+		msg_error "$pkgver: file ${file#$PKGDESTDIR} has a write permission for all users\n"
+	done
+
+	change_file_perms "/usr/share/man" 133 644
+	change_file_perms "/etc/apparmor.d" 111 644
+	change_file_perms "/usr/share/applications" 133 644
+	change_file_perms "/usr/share/help" 133 644
+	change_file_perms "/usr/share/icons" 133 644
+	change_file_perms "/usr/share/locale" 133 644
+	change_file_perms "/usr/share/metainfo" 133 644
+	change_file_perms "/usr/include" 133 644
+}